Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

LinuxSecurity.com
Feature Extras:

Free Online security course (LearnSIA) - A Call for Help - The Survivability and Information Assurance (SIA) course was originally developed by a team at Carnegie Mellon, led by Lawrence Rogers (http://www.cert.org/sia/). Back in 2010, I requested a license to continue the development of the course because it provides useful information on Information Assurance. Also, this course will always be freely available for anyone to use in the classroom or self-study. There are three parts to the LearnSIA curriculum.

What You Need to Know About Linux Rootkits - Rootkits are a way attackers hide their tracks and keep access to the machines they control. The good rootkits are very hard to detect and remove. They can be running on ones computer and no one can even know they have been running. Read more to learn how to detect them on your system.

Who is more likely to hand over their personal online information, a criminal hacker or an IT security professional? It seems they are all pretty bad if a female is involved, but "white hats" are worse.

Hackers who infiltrated the Nasdaq's computer systems last year installed malicious software that allowed them to spy on the directors of publicly held companies, according to two people familiar with an investigation into the matter.

It's no doubt that one of the leaders for network equipment is Cisco Systems. Newer Cisco devices are starting to use what Cisco calls its "IOS-XE" operating system, which is a customized flavor of GNU/Linux. Yes, GNU/Linux, which should not come as any surprise as GNU/Linux is used on countless high level appliances and security devices.

IT security experts have long loved to troll through hacker forums to gather intelligence on emerging threats and even (as in the ill-fated case of HBGary Federal CEO Aaron Barr) try to profile the hackers themselves. But as a report from IT security firm Imperva shows, many of the so-called hacker portals out there are more hangouts for newbie hackers (and possibly a few budding FBI informants) looking at how to get started in the game.

The hacker collective known as Anonymous has expressed interest in hacking industrial systems that control critical infrastructures, such as gas and oil pipelines, chemical plants and water and sewage treatment facilities, according to a Department of Homeland Security bulletin.

While many IT managers remain sceptical about storing company data off-site, there are many ways in which the dangers can be minimised. The qualities which make the cloud so appealing are also those which make it most vulnerable.

A mass-injection attack similar to the highly publicized LizaMoon attacks this past spring has infected more than 1 million ASP.NET Web pages, Armorize researchers said today. According to database security experts, the SQL injection technique used in this attack depends on the same sloppy misconfiguration of website servers and back-end databases that led to LizaMoon's infiltration.